Security Target Sophos UTM V9 Packet Filter Version 1.000


Sophos UTM V9 Packet Filter
Version
Assurance Level EAL4+
Common Criteria v3.1 Revision 4
Document version: 1.00
Document date:

Document History

Version Date Change(s) Author(s)
- Created first version for evaluation body (Martin Becker)
- Changed TOE name to Sophos UTM V9 Packet Filter; Added certification ID; Minor adaptations in text (Martin Becker)
- Deleted statement "The assumption A.SECINIT is covered by OE.SECINIT as directly follows." in Section (Martin Becker)
- Updated hardware requirements in section (Martin Becker)
- Fixed incongruent OSI layer of ICMP (Martin Becker)
- Added application developer as external entity in section 3.3 (Martin Becker)
- Replaced placeholder for guidance document in Section (Martin Becker)

Contents

1 ST Introduction
  ST Reference and TOE Reference
  TOE Overview
  TOE Description
Conformance Claim
  CC Conformance Claim
  PP and Security Requirement Package Claim
  CC Conformance Claim Rationale
  Package Claim
3 Security Problem Definition
  Assets
  Subjects
  External Entities
  Assumptions
  Threats
  Organisational Security Policies
Statement of Security Objectives
  Security Objectives for the TOE
  Security Objectives for the Operational Environment
  Security Objectives Rationale
Statement of Security Requirements
  Security Functional Requirements for the TOE
  Extended Components Definition
  Security Assurance Requirements for the TOE
  Security Requirements Rationale
TOE Summary Specification
  TOE Security Functionality
Glossary and Acronyms
References

List of Tables

Table 1: Scope of TOE delivery
Table 2: Sophos UTM V9 Packet Filter components
Table 3: Assets
Table 4: External entities
Table 5: Assumptions
Table 6: Threats
Table 7: Security Objectives for the TOE
Table 8: Security Objectives for the environment of the TOE
Table 9: Security Objectives Rationale
Table 10: Security Functional Requirements for the TOE
Table 11: Chosen Evaluation Assurance Requirements
Table 12: Coverage of Security Objective for the TOE by SFR
Table 13: Fulfilling the SFR dependencies
Table 14: TOE security functionality and SFR mapping

1 ST Introduction

1.1 ST Reference and TOE Reference

Title: Security Target Sophos UTM V9 Packet Filter
Sponsor: Sophos Technology GmbH
Editor(s): Martin Becker
Document version: 1.00
Document date:
CC version: 3.1, Revision 4
Assurance level: EAL4+ (EAL4 augmented by ALC_FLR.2)
Certification ID: BSI-DSZ-CC-0942
Keywords: Packet filter, network security, information flow control
TOE name: Sophos UTM V9 Packet Filter
TOE version:

TOE Overview

Usage, Major Security Features and TOE Type

This Security Target defines the security objectives and requirements for the Sophos UTM V9 Packet Filter (TOE), a software component of Sophos Technology GmbH. Sophos UTM V9 Packet Filter provides packet filter functionality.

Sophos UTM V9 Packet Filter allows the integration of packet filter capability into Sophos UTM. Therefore, the Sophos UTM V9 Packet Filter is delivered to an application developer. The application developer integrates the Sophos UTM V9 Packet Filter into an application in order to build a network component. The administrator of this application is defined as the TOE end-user.

When IP networks with different levels of security are interconnected, this is usually done by introducing special network components at the border of the networks. These components provide firewall functionality and separate the two or more networks from each other on different levels of the network stack. Data flow from one network to another can be allowed by a rule-based policy enforced by these network components.

The Sophos UTM V9 Packet Filter consists of software on machines to implement packet filter functionality for the network components; i.e. the Sophos UTM V9 Packet Filter is part of the network components. The Sophos UTM V9 Packet Filter relies on information available at OSI layer 3 and layer 4 for policy enforcement. The functionality for packet filtering is part of the operating system (Linux).

The Sophos UTM V9 Packet Filter supports IPv4 [4] and IPv6 [5].

The TOE's major security features are:
- The TOE enforces the Packet Filter information flow policy. This policy ensures that the TOE will only forward data from and to the internal network if the information flow policy allows it.
- The TOE collects audit data into a memory buffer to facilitate identification of policy violations.
- The TOE is capable of performing management functions such as modification of network traffic filter rules and configuration data.
- The TOE verifies the identification information of an administrator provided by the environment (application) before any management function is performed.

The following security services are not part of the TOE and are thus to be provided by the IT environment (application):
- The environment provides Identification and Authentication of the administrator.
- Forwarding of audit data to a management machine (syslog host).
- The generation of network traffic filter rules (policy) and configuration data takes place in the IT environment.
- The IT environment provides NTP service and Syslog service.

After start-up of a network component that comprises the TOE and a secure initialisation process, the initial TOE configuration data is read via the I/O-control interface in the TOE system start-up process. The configuration data is the human-readable content of the configuration file. The configuration data comprises IP address and network interface definitions, static routes and other system parameters. If no configuration data is available on start-up, the TOE will not start up automatically.

Required Non-TOE Hardware/Software/Firmware

The TOE has the following minimal requirements concerning the physical machine it runs on:
- Intel i686 compatible CPU
- PCI bus system
- 1024 MB RAM
- Two or more PCI Ethernet network interface cards (100Mbit or 1000Mbit)
- Storage entity (20 GB IDE or SCSI hard disk drive)
- Bootable IDE or SCSI CD-ROM drive

The hardware must be compatible with the Linux operating system used for the application.

The physical connections are:
- power supply
- network interfaces
- PS/2- or USB-attached keyboard
- VGA graphics adapter

1.3 TOE Description

Physical Scope of the TOE

The TOE consists of several components that are all running in kernel-space on the Linux operating system. These components are the following kernel parts: packet filter, management, and audit mechanism. All other parts of the system are considered to be environment of the TOE.

The TOE is delivered to an application developer. The TOE delivery includes the software Sophos UTM V9 Packet Filter and the guidance document (see [6]). The software component is electronically signed.

Delivered TOE Parts; Version; Remarks
- Software component Sophos UTM V9 Packet Filter; Version; Sophos UTM V9 Packet Filter Software on CD-ROM
- Guidance Document; Version 0.92; Delivered as PDF on Sophos UTM V9 Packet Filter CD-ROM
Table 1: Scope of TOE delivery

Logical Scope of the TOE

Audit Data

The TOE collects audit data into a memory buffer to facilitate identification of policy violations. This allows the administrator to inspect the received audit data from the packet filter. The TOE generates audit records for:
- start-up and shutdown of the audit functions. It must be noted that the shutdown of the audit functions mentioned in FAU_GEN.1.1 is not directly visible as a separate audit record. However, a shutdown of the audit functions of the TOE always correlates with a shutdown of the underlying system supporting the TOE. Furthermore, the shutdown of the underlying system always generates an audit record. For that reason, the shutdown of the TOE audit functions is indicated by the audit record of the shutdown of the system.
- datagrams received or sent through a network component's network interfaces if they match configured patterns.

Information Flow Protection

The TOE enforces a Packet Filter information flow policy, whose filtering rules are set during operation. This policy ensures that the TOE will only forward data from and to the internal network based on the information flow policy.

Therefore the TOE implements the information flow control (as routers) on the network layer (IP/ICMP) and transport layer (TCP/UDP). In order to apply the packet filter rules the network components take the information from the IP/ICMP and TCP/UDP-Header (where applicable).
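The header-based filtering described above, as an added C example that is not code from the TOE or from Sophos: it parses an IPv4 header, applies the explicit deny checks this Security Target lists under FDP_IFF.1.5 (source routing option, spoofed source address), and then evaluates a first-match rule list with a drop-everything default. The interface table, the rule set, all struct and function names, and the longest-prefix reading of "network associated with the interface" are assumptions; reassembly is assumed to have happened already, and only a subset of the filter criteria (arrival interface, destination, protocol, port) is modelled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum verdict { V_DROP, V_ACCEPT, V_REJECT };    /* reject = drop and signal an error */
struct iface { uint32_t net, mask; };           /* network attached to an interface */
struct rule {                                   /* in_if -1, proto 0, dport 0 = any */
    int in_if; uint32_t dst_net, dst_mask;
    uint8_t proto; uint16_t dport; enum verdict action;
};

/* Constructed topology (assumption): interface 0 = external 0.0.0.0/0, 1 = LAN 10.0.0.0/24. */
static const struct iface IFACES[] = { { 0, 0 }, { 0x0A000000u, 0xFFFFFF00u } };
/* Constructed rule set (assumption): only TCP/443 from outside to the LAN is permitted. */
static const struct rule RULES[] = { { 0, 0x0A000000u, 0xFFFFFF00u, 6, 443, V_ACCEPT } };

static uint32_t get32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* 1 if an LSRR (131) or SSRR (137) option is present, -1 if options are malformed. */
static int source_routed(const uint8_t *pkt, size_t ihl)
{
    size_t i = 20;
    while (i < ihl) {
        uint8_t type = pkt[i];
        if (type == 0) break;                   /* end of option list */
        if (type == 1) { i++; continue; }       /* no-operation padding */
        if (i + 1 >= ihl || pkt[i + 1] < 2 || i + pkt[i + 1] > ihl) return -1;
        if (type == 131 || type == 137) return 1;
        i += pkt[i + 1];
    }
    return 0;
}

/* Spoofed when the most specific interface network containing src is not in_if. */
static int spoofed(uint32_t src, int in_if)
{
    int best = -1;
    for (int i = 0; i < (int)(sizeof IFACES / sizeof IFACES[0]); i++)
        if ((src & IFACES[i].mask) == IFACES[i].net &&
            (best < 0 || IFACES[i].mask > IFACES[best].mask))
            best = i;
    return best != in_if;
}

enum verdict filter_packet(const uint8_t *pkt, size_t len, int in_if)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return V_DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total < ihl || total > len) return V_DROP;
    /* Assumption: reassembly already happened, so any remaining fragment is dropped. */
    if ((pkt[6] & 0x3F) || pkt[7]) return V_DROP;
    if (source_routed(pkt, ihl) != 0) return V_DROP;
    if (spoofed(get32(pkt + 12), in_if)) return V_DROP;
    uint8_t proto = pkt[9];
    uint16_t dport = 0;
    if (proto == 6 || proto == 17) {            /* TCP/UDP ports follow the IP header */
        if (total < ihl + 4) return V_DROP;
        dport = (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]);
    }
    uint32_t dst = get32(pkt + 16);
    for (size_t r = 0; r < sizeof RULES / sizeof RULES[0]; r++) {
        const struct rule *x = &RULES[r];
        if ((x->in_if < 0 || x->in_if == in_if) &&
            (dst & x->dst_mask) == x->dst_net &&
            (x->proto == 0 || x->proto == proto) &&
            (x->dport == 0 || x->dport == dport))
            return x->action;                   /* first matching rule decides */
    }
    return V_DROP;                              /* restrictive default: drop */
}

/* Builds a constructed IPv4 header plus TCP ports and returns the verdict for it. */
enum verdict demo(uint32_t src, uint32_t dst, uint16_t dport, int in_if, int lsrr)
{
    uint8_t b[28] = { 0 };
    size_t ihl = lsrr ? 24 : 20, total = ihl + 4;
    b[0] = (uint8_t)(0x40 | (ihl / 4));         /* version 4, header length */
    b[3] = (uint8_t)total;                      /* total length */
    b[8] = 64; b[9] = 6;                        /* TTL, protocol = TCP */
    for (int i = 0; i < 4; i++) {
        b[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        b[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    if (lsrr) { b[20] = 131; b[21] = 3; b[22] = 4; }   /* empty LSRR, then EOL */
    b[ihl] = 0xC0;                              /* source port 49152 */
    b[ihl + 2] = (uint8_t)(dport >> 8); b[ihl + 3] = (uint8_t)dport;
    return filter_packet(b, total, in_if);
}

int main(void)
{
    printf("HTTPS from outside: %d\n", demo(0xC000020Au, 0x0A000005u, 443, 0, 0));
    printf("spoofed LAN source: %d\n", demo(0x0A000063u, 0x0A000005u, 443, 0, 0));
    return 0;
}
```

Checksums are left at zero and are not verified; the sample datagrams carry only the first four bytes of the TCP header, which is all the port match reads.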

Management

The TSF is capable of performing the following management functions:
- Modification of network traffic filter rules
- Modification of configuration data

The TOE verifies the identification information of an administrator provided by the environment (application) before any management function can be performed. The TOE is initialized with a strict packet filter rule set, that is, everything is dropped.

Components

The Sophos UTM V9 Packet Filter consists of several components. Table 2 shows which components are parts of the TOE and which ones are parts of the IT environment:

Kernel
  IT environment: -
  TOE: Packet filter; Audit mechanism; Management
User space
  IT environment: Secure transport mechanism for configuration data and audit data; Management (configuration tool)
  TOE: -
Table 2: Sophos UTM V9 Packet Filter components

2 Conformance Claim

2.1 CC Conformance Claim

This Security Target and the TOE claim conformance to Part 2 [1] and Part 3 [2] of the Common Criteria for Information Technology Security Evaluation.

2.2 PP and Security Requirement Package Claim

This Security Target claims conformance neither to a Protection Profile nor to a security requirement package.

2.3 CC Conformance Claim Rationale

As this Security Target claims conformance neither to a Protection Profile nor to a security requirement package, a conformance claim rationale is not necessary.

2.4 Package Claim

This Security Target claims conformance to the assurance package EAL4 augmented by ALC_FLR.2. ALC_FLR.2 adds flaw reporting procedures to the assurance package EAL4.

3 Security Problem Definition

This chapter introduces the security problem definition of the TOE. This comprises:
- The assets which have to be protected by the TOE.
- The subjects which are interacting with the TOE.
- The assumptions which have to be made about the environment of the TOE.
- The threats which exist against the assets of the TOE.
- The organizational security policies the TOE has to comply with.

3.1 Assets

The following assets need to be protected by the TOE and its environment:

Asset: Description
TSF Data (Information Flow): Audit data transmitted from the network components to the management machine. Configuration data transmitted from the management machine to the network components.
TSF Data (On the TOE): TSF data stored on the TOE which are necessary for its own operation. This includes packet filter rules and configuration data.
Resources: The resources in the connected networks that the TOE components are supposed to protect. The resources are outside the TOE components.
Table 3: Assets

3.2 Subjects

No active entity in the TOE that performs operations on objects is defined.

3.3 External Entities

The following external entities may interact with the TOE:

External entity: Description
Administrator: The administrator of a network component is an entity that has complete trust with respect to all policies implemented by the TSF. He is in charge of installing and configuring the TOE as well as performing the management functions of the TOE.
User: Any entity (human or IT) outside the TOE that interacts (or may interact) with the TOE. A goal of a user may be to access or modify sensitive information by sending IP packets to or receiving from the components of the TOE. This includes attacks from the protected networks behind the network components as well as attacks from outside those networks. Attackers with an Enhanced-Basic attack potential are assumed.
Application developer: The application developer is an entity that integrates the TOE into other firewall and UTM products. Prior to integrating the TOE into such applications, the application developer is obliged to verify the integrity and authenticity of the TOE deliverables.
Table 4: External entities

3.4 Assumptions

The following assumptions need to be made about the IT environment of the TOE to allow the secure operation of the TOE.

Assumption: Description
A.ENV: The TOE is used in a controlled environment. It is assumed:
  - That only the administrator gains physical access to the TOE,
  - That the administrator handles the authentication secrets (see A.I&A) with care, specifically that he will keep them secret and can use them in a way that nobody else can read them.
A.NOEVIL: The administrator of the TOE is non-hostile, well trained and knows the documentation of the TOE. The administrator is responsible for the secure operation of the host running the TOE.
A.INFLOW: The administrator assures that the packet filter components provide the only connection for the different networks.
A.CONFW: The configuration interface of the network components (TOE and application) refuses all connections, except the SSH protocol from the management machine.
A.TSP: The IT environment provides reliable timestamps (NTP server).
A.PROT: The connection between the management machine and the network components is protected by cryptographic transforms (e.g. SSH authorization and SSH transport protection as defined in [3]).
A.AUDIT: The IT environment provides a Syslog server and a means to present a readable view of the audit data.
A.I&A: The environment facilitates Identification and Authentication of an administrator.
Table 5: Assumptions

3.5 Threats

The following threats have to be countered by the TOE. Attackers with an enhanced-basic attack potential are assumed.

Threat: Description
T.BYPASS: A user might attempt to bypass the security functions of the TOE in order to gain unauthorized access to resources in the protected networks. E.g., a user might send non-permissible data through the TOE in order to gain access to resources in protected networks by sending IP packets to circumvent filters. This attack may happen from outside the protected network.
T.WEAKNESS: A user might gain access to the TOE in order to read, modify or destroy TSF data by sending IP packets to the TOE and exploiting a weakness of the protocol used. This attack may happen from outside and inside the protected network. A user might also try to access sensitive data of the TOE via its management interface.
Table 6: Threats

3.6 Organisational Security Policies

The TOE does not enforce organisational security policies.

4 Statement of Security Objectives

This chapter describes the security objectives for the TOE (in Chapter 4.1), the security objectives for the operational environment of the TOE (in Chapter 4.2) and contains the security objectives rationale.

4.1 Security Objectives for the TOE

The following security objectives have to be met by the TOE:

Objective: Description
O.MANAGEMENT: The TOE must provide management functions in order to modify the configuration data and the traffic filter rules. For any command received via the configuration interface authentication of the administrator is required. Other users are rejected. Note: the user identification is provided by the environment (application).
O.FILTER: The TOE must filter the incoming and the outgoing data traffic of all data between all connected networks according to the rule sets.
O.AUDIT: The TOE must provide an audit trail of security-related events.
Table 7: Security Objectives for the TOE

4.2 Security Objectives for the Operational Environment

The following security objectives have to be met by the operational environment of the TOE:

Objective: Description
OE.ENV: The TOE is used in a controlled environment. The environment ensures:
  - That only the administrator gains physical access to the TOE,
  - That the administrator handles the authentication secrets (see A.I&A) with care, specifically that he will keep them secret and can use them in a way that nobody else can read them.
OE.NOEVIL: The administrator of the TOE shall be non-hostile, well trained and has to know the documentation of the TOE. The administrator is responsible for the secure operation of the host running the TOE.
OE.INFLOW: The administrator must assure that the packet filter components provide the only connection for the different networks.
OE.CONFW: The configuration interface of the network components (TOE and application) refuses all connections, except the SSH protocol from the management machine.
OE.TSP: The IT environment provides reliable timestamps (NTP server).
OE.PROT: The connection between the management machine and the network components is protected by cryptographic transforms (e.g. SSH authorization and SSH transport protection as defined in [3]).
OE.AUDIT: The IT environment provides a Syslog server and a means to present a readable view of the audit data.
OE.I&A: The environment must facilitate Identification and Authentication of an administrator.
Table 8: Security Objectives for the environment of the TOE

4.3 Security Objectives Rationale

The following table provides an overview for security objectives coverage. The following chapters provide a more detailed explanation of this mapping.

OE.ENV OE.NOEVIL OE.INFLOW OE.CONFW OE.TSP OE.PROT OE.AUDIT OE.I&A O.FILTER O.AUDIT O.MANAGEMENT
A.ENV A.NOEVIL A.INFLOW A.CONFW A.TSP A.PROT A.AUDIT A.I&A T.BYPASS T.WEAKNESS
Table 9: Security Objectives Rationale

Countering the Threats

The threat T.BYPASS, which describes that an attacker may bypass the security functions of the TOE in order to gain unauthorized access to resources in the protected networks, is countered by a combination of the objectives OE.PROT, OE.ENV, OE.INFLOW, and O.FILTER. The environmental objectives OE.ENV and OE.INFLOW ensure that a user can neither interfere with the initial setup or the physical setup of the management machine or network components nor route around the management machine or network components. Thus, all data pass through the TOE. O.FILTER ensures that this data is always checked and filtered according to the policy. Since the internal network is trusted (OE.ENV), the checked data is not modified after leaving the packet filter. The environmental objective OE.PROT ensures that data flow between the management machine and the network components is protected by cryptographic transforms, i.e. that sessions always provide proof of identification and illegitimate users cannot take over established sessions.

The threat T.WEAKNESS, which describes that an attacker may try to exploit a weakness of the protocol used in order to read, modify or destroy security sensitive data on the TOE, is countered by a combination of the objectives OE.I&A, O.AUDIT, OE.AUDIT, OE.CONFW and O.MANAGEMENT. O.AUDIT and OE.AUDIT ensure detection of attempts to compromise the fenced network including the network component that includes the TOE. O.MANAGEMENT and OE.I&A ensure that only the administrator is able to manage the TSF data and counter threats against sensitive data of the TOE via its management interface. Other users will be rejected at the configuration interface.

The environmental objective OE.CONFW ensures that no service besides SSH runs on the network components.

Covering the OSPs

The TOE does not enforce organisational security policies.

Covering the Assumptions

The assumption A.ENV is covered by OE.ENV as directly follows.
The assumption A.NOEVIL is covered by OE.NOEVIL as directly follows.
The assumption A.INFLOW is covered by OE.INFLOW as directly follows.
The assumption A.CONFW is covered by OE.CONFW as directly follows.
The assumption A.TSP is covered by OE.TSP as directly follows.
The assumption A.PROT is covered by OE.PROT as directly follows.
The assumption A.AUDIT is covered by OE.AUDIT as directly follows.
The assumption A.I&A is covered by OE.I&A as directly follows.

5 Statement of Security Requirements

This chapter defines the security functional requirements (see Chapter 5.1) and the security assurance requirements for the TOE (see Chapter 5.3). No extended components are defined in this Security Target (see Chapter 5.2).

5.1 Security Functional Requirements for the TOE

The TOE satisfies the SFRs delineated in the following table. The rest of this chapter contains a description of each component and any related dependencies.

Security Audit (FAU)
  FAU_GEN.1 Audit data generation
User Data Protection (FDP)
  FDP_IFC.1 Subset information flow control
  FDP_IFF.1 Simple security attributes
User identification (FIA)
  FIA_UID.1 Timing of identification
Security management (FMT)

  FMT_MSA.1 Management of security attributes
  FMT_MSA.3 Static attribute initialisation
  FMT_SMF.1 Specification of management functions
  FMT_SMR.1 Security roles
Table 10: Security Functional Requirements for the TOE

Security Audit

FAU_GEN.1 Audit data generation

FAU_GEN.1.1: The TSF shall be able to generate an audit record of the following auditable events:
  a) Start-up and shutdown of the audit functions;
  b) All auditable events for the [not specified] level of audit; and
  c) [starting of network components; IP datagrams matching log filters in packet filter rules]
FAU_GEN.1.2: The TSF shall record within each audit record at least the following information:
  a) Date and time of event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event; and
  b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [no other audit relevant information]
Hierarchical to: No other components.
Dependencies: FPT_STM.1 Reliable time stamps
Application Note: The shutdown of the audit functions mentioned in FAU_GEN.1.1 is not directly visible as a separate audit record. However, a shutdown of the audit functions of the TOE always correlates with a shutdown of the underlying system supporting the TOE. Furthermore, the shutdown of the underlying system always generates an audit record. For that reason, whenever an audit record of the shutdown of the system is generated, one can be assured that the audit functions of the TOE are shut down as well.

User Data Protection (FDP)

FDP_IFC.1 Subset information flow control

FDP_IFC.1.1: The TSF shall enforce the [Packet Filter SFP] on [
  Subjects: users (external entities) that send and/or receive information through the TOE to one another;
  Information: data sent from one subject through the TOE to one another;
  Operation: pass the data].
Hierarchical to: No other components.
Dependencies: FDP_IFF.1 Simple security attributes
Application Note: The Packet Filter SFP is given in FDP_IFF. The subject definition in FDP_IFC.1.1 belongs to a former CC version. Thus the subjects are identical to the users defined in the external entities definition in Chapter

FDP_IFF.1 Simple security attributes

FDP_IFF.1.1: The TSF shall enforce the [Packet Filter SFP] based on the following types of subject and information security attributes: [
  Subjects: users (external entities) that send and/or receive information through the TOE to one another;
  Subject security attributes: none;
  Information: data sent from one subject through the TOE to one another;
  Information security attributes: source address of subject, destination address of subject, transport layer protocol, interface on which the traffic arrives and departs, port, time].
FDP_IFF.1.2: The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: [Subjects on a network connected to the TOE can cause information to flow through the TOE to a subject on another connected network only if all the information security attribute values are permitted by all information policy rules].
FDP_IFF.1.3: The TSF shall enforce the [reassembly of fragmented IP datagrams before inspection].
FDP_IFF.1.4: The TSF shall explicitly authorise an information flow based on the following rules: [none].
FDP_IFF.1.5: The TSF shall explicitly deny an information flow based on the following rules: [
  - The TOE shall reject requests of access or services where the information arrives on a network interface and the source address of the requesting subject does not belong to the network associated with the interface (spoofed packets);
  - The TSF shall drop IP datagrams with the source routing option;
  - The TOE shall reject fragmented IP datagrams that cannot be reassembled completely within a bounded interval].
Hierarchical to: No other components.
Dependencies: FDP_IFC.1 Subset information flow control; FMT_MSA.3 Static attribute initialisation
Application Note: The subject definition in FDP_IFF.1.1 belongs to a former CC version. Thus the subjects are identical to the users defined in the external entities definition in Chapter

User Identification (UID)

FIA_UID.1 Timing of identification

FIA_UID.1.1: The TSF shall allow [the following TSF-mediated actions] on behalf of the user to be performed before the user is identified.
  - all actions except for administrative actions as specified by FMT_SMF.1
FIA_UID.1.2: The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user.
Hierarchical to: No other components.
Dependencies: No dependencies.
Refinement: The TOE verifies the identification information of an administrator provided by the environment (see OE.I&A) before any management function can be performed.
Application Note: The user in FIA_UID.1.2 is identical to the Administrator defined in the external entities definition in Chapter

Security Management (FMT)

FMT_MSA.1 Management of security attributes

FMT_MSA.1.1: The TSF shall enforce the [Packet Filter SFP] to restrict the ability to [modify, [no other operations]] the security attributes [network traffic filter rules and configuration data] to [the role administrator].
Hierarchical to: No other components.
Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control]; FMT_SMR.1 Security roles; FMT_SMF.1 Specification of Management Functions

FMT_MSA.3 Static attribute initialization

FMT_MSA.3.1: The TSF shall enforce the [Packet Filter SFP] to provide [restrictive] default values for security attributes that are used to enforce the SFP.
FMT_MSA.3.2: The TSF shall allow the [no roles] to specify alternative initial values to override the default values when an object or information is created.
Hierarchical to: No other components.
Dependencies: FMT_MSA.1 Management of security attributes; FMT_SMR.1 Security roles

FMT_SMF.1 Specification of management functions

FMT_SMF.1.1: The TSF shall be capable of performing the following management functions: [
  - Modification of network traffic filter rules,
  - Modification of configuration data].
Hierarchical to: No other components.
Dependencies: No dependencies

FMT_SMR.1 Security roles

FMT_SMR.1.1: The TSF shall maintain the role [administrator].
FMT_SMR.1.2: The TSF shall be able to associate users with roles.
Hierarchical to: No other components.
Dependencies: FIA_UID.1 Timing of identification

5.2 Extended Components Definition

No extended components are defined in this Security Target.

5.3 Security Assurance Requirements for the TOE

The following table lists the chosen evaluation assurance components for the TOE:

Assurance Class: Assurance Components
ADV: ADV_ARC.1, ADV_FSP.4, ADV_IMP.1, ADV_TDS.3
AGD: AGD_OPE.1, AGD_PRE.1
ALC: ALC_CMC.4, ALC_CMS.4, ALC_DEL.1, ALC_DVS.1, ALC_FLR.2, ALC_LCD.1, ALC_TAT.1
ATE: ATE_COV.2, ATE_DPT.1, ATE_FUN.1, ATE_IND.2
AVA: AVA_VAN.3
Table 11: Chosen Evaluation Assurance Requirements

These assurance components represent EAL4 augmented by the component ALC_FLR.2 (text marked in bold). The complete text for these requirements can be found in [2].

5.4 Security Requirements Rationale

TOE Functional Requirements Rationale

O.FILTER O.AUDIT O.MANAGEMENT
FAU_GEN.1 FIA_UID.1 FDP_IFC.1 FDP_IFF.1 FMT_MSA.1 FMT_MSA.3 FMT_SMF.1 FMT_SMR.1
Table 12: Coverage of Security Objective for the TOE by SFR

The security objective O.FILTER is met by a combination of FDP_IFC.1, FDP_IFF.1 and FMT_MSA.3. FDP_IFC.1 and FDP_IFF.1 describe the information flow controls and information flow control policy. Together, the SFRs describe how the packet filter information flow policies and the administrator specified rule sets apply. FMT_MSA.3 defines that the TOE has to provide restrictive default values for the Packet Filter SFP (information flow policy) attributes. The SFRs are therefore sufficient to satisfy the objective O.FILTER.

The security objective O.AUDIT is met by FAU_GEN.1. FAU_GEN.1 describes when and what kind of audit data is generated. The SFR ensures that audit log reports report the state of the TOE.

The security objective O.MANAGEMENT is met by FMT_SMF.1, FMT_MSA.1, FIA_UID.1 and FMT_SMR.1. FMT_SMF.1 describes the set of management functionality provided by the TOE. FMT_MSA.1 defines which roles are allowed to administer the security attributes of the TOE. FIA_UID.1 requires each user to be identified before allowing any relevant actions on behalf of that user. Further the objective requires that the TOE will at least maintain the role administrator. This is defined in FMT_SMR.1, which defines the role

Fulfilling the SFR Dependencies

The following table shows that all dependencies are met:

SFR; Dependencies; Fulfilled by
FAU_GEN.1; FPT_STM.1; FPT_STM.1 is satisfied in the IT environment (see OE.TSP).
FIA_UID.1; No dependencies; -
FDP_IFC.1; FDP_IFF.1; FDP_IFF.1
FDP_IFF.1; FDP_IFC.1, FMT_MSA.3; FDP_IFC.1, FMT_MSA.3
FMT_MSA.1; [FDP_ACC.1 or FDP_IFC.1], FMT_SMR.1, FMT_SMF.1; FDP_IFC.1, FMT_SMR.1, FMT_SMF.1
FMT_MSA.3; FMT_MSA.1, FMT_SMR.1; FMT_MSA.1, FMT_SMR.1
FMT_SMF.1; No dependencies; -
FMT_SMR.1; FIA_UID.1; FIA_UID.1
Table 13: Fulfilling the SFR dependencies

22 5.4.3 Security Assurance Requirements Rationale The TOE claims compliance to EAL4 level of assurance augmented by ALC_FLR.2. As described in [2], the level EAL4 indicates that the product is methodically designed, tested, and reviewed. The assurance requirements for life cycle support have been augmented by ALC_FLR.2 (flaw reporting procedures) to account for regular bug fixes for the TOE. This is considered appropriate for attackers with Enhanced-Basic attack potential. The Security assurance requirements are chosen because of the evaluation level EAL4 according to [2]. 6 TOE Summary Specification 6.1 TOE Security Functionality The following table illustrates the mapping of the TOE security functionality and SFRs. FAU_GEN.1 FDP_IFC.1 FDP_IFF.1 FIA_UID.1 FMT_MSA.1 FMT_MSA.3 FMT_SMF.1 FMT_SMR.1 SF1.1 SF1.2 SF1.3 SF2.1 SF2.2 SF3.1 SF3.2 SF3.3 Table 14: TOE security functionality and SFR mapping The following sections provide a more detailed explanation of the TOE security functionality SF1 Information Flow Protection SF1.1 meets FDP_IFC.1. SF1.1, SF1.2, and SF1.3 meet FDP_IFF.1: SF1.1: The TSF implements the information flow control (as routers) on the network layer (IP/ICMP) and transport layer (TCP/UDP). In order to define packet filter rules, the TSF provides packet filter criteria and packet filter actions. The packet filter criteria are: 22

23 source address port time destination address transport layer protocol interface on which traffic arrives and departs The packet filter actions are: accept (= permit) reject1 (= deny) drop Sophos UTM V9 Packet Filter In order to apply the packet filter rules the network components take the information from the IP/ICMP and TCP/UDP-Header (where applicable). SF1.2: The TSF reassembles IP datagrams before further processing is performed. IP datagrams which cannot be reassembled are dropped in a predefined span of time. SF1.3: The TSF drops packets with spoofed source- or destination-ip addresses. Packets with source routing options are also dropped SF2 Security Audit SF2.1 and SF2.2 meet FAU_GEN.1: SF2.1: The TSF generates audit records for start-up and shutdown of the audit functions. It must be noted that the shutdown of the audit functions mentioned in FAU_GEN.1.1 is not directly visible as a separate audit record. However, a shutdown of the audit functions of the TOE always correlates with a shutdown of the underlying system supporting the TOE. Furthermore, the shutdown of the underlying system always generates an audit record. For that reason, whenever an audit record of the shutdown of the system is generated, one can be assured that the audit functions of the TOE are shut down as well. datagrams received or sent through a network components network interfaces if they match configured patterns SF2.2: Each record includes: Time and Date Affected network component 1 reject = drop and signal an error 23

- Subject identity (source IP)
- Type of event
- Affected interface
- Direction
- Action (accept, drop or reject)
- Optional depending on the protocol: IP addresses and ports

SF3 Management

SF3.1 meets FMT_SMF.1. SF3.2 meets FIA_UID.1, FMT_MSA.1 and FMT_SMR.1. SF3.3 meets FMT_MSA.3.

SF3.1: The TSF is capable of performing the following management functions:

- Modification of network traffic filter rules
- Modification of configuration data

SF3.2: In order to modify the security attributes network traffic filter rules and configuration data, the TOE maintains the role administrator. The TOE verifies the identification information of an administrator provided by the environment (see OE.I&A) before any management function can be performed. Therefore, the TOE verifies whether the user id is equal to zero.

SF3.3: The TOE is initialised with a strict packet filter rule set, i.e., everything is dropped.

7 Glossary and Acronyms

Term   Definition
AES    Advanced Encryption Standard
BSI    Bundesamt für Sicherheit in der Informationstechnik
LAN    Local Area Network
NTP    Network Time Protocol
PP     Protection Profile
SFP    Security Function Policy
SFR    Security Functional Requirement
SSH    Secure Shell
ST     Security Target
TOE    Target of Evaluation

TSF    TOE Security Function

8 References

Common Criteria

[1] Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components; Version 3.1, Revision 4, CCMB
[2] Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Components; Version 3.1, Revision 4, CCMB

Cryptography

[3] RFC 4253, SSH Transport Layer Protocol
[4] RFC 791, Internet Protocol
[5] RFC 2460, Internet Protocol, Version 6 (IPv6) Specification

Documentation

[6] Sophos UTM V9 Packet Filter, documentation
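The decision logic that SF1.1, SF1.3, SF2.2 and SF3.3 describe can be modelled in a few lines. The following is an added sketch, not code from the TOE or from Sophos. It assumes first-match rule ordering, a per-interface network table as the basis for the spoofing check, and an audit record for every decision; the interface names, addresses, rules and component name are constructed.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time

# Constructed topology (assumption): networks expected behind each interface.
IFACE_NETS = {"eth0": ["10.0.0.0/24"], "eth1": ["0.0.0.0/0"]}

@dataclass(frozen=True)
class Packet:
    """Header fields the filter reads (IP/ICMP and TCP/UDP where applicable)."""
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: int | None            # None where the protocol has no ports
    in_if: str                   # interface on which the packet arrives
    out_if: str                  # interface on which it would depart
    source_routed: bool = False  # an IP source routing option is present

@dataclass(frozen=True)
class Rule:
    """One packet filter rule: the SF1.1 criteria plus an action."""
    src: str                     # CIDR
    dst: str                     # CIDR
    proto: str                   # protocol name or "any"
    dport: int | None            # None matches any port
    in_if: str | None            # None matches any interface
    out_if: str | None
    start: time                  # daily window, start <= end (no midnight wrap)
    end: time
    action: str                  # "accept", "reject" or "drop"

# Constructed rule set: office-hours HTTPS outbound, inbound SSH rejected.
RULES = [
    Rule("10.0.0.0/24", "0.0.0.0/0", "tcp", 443, "eth0", "eth1",
         time(8, 0), time(18, 0), "accept"),
    Rule("0.0.0.0/0", "10.0.0.0/24", "tcp", 22, "eth1", "eth0",
         time(0, 0), time(23, 59, 59), "reject"),
]

def expected_iface(addr: str) -> str | None:
    """Interface whose most specific configured network contains addr."""
    ip = ipaddress.ip_address(addr)
    best, best_len = None, -1
    for iface, nets in IFACE_NETS.items():
        for net in map(ipaddress.ip_network, nets):
            if ip in net and net.prefixlen > best_len:
                best, best_len = iface, net.prefixlen
    return best

def matches(rule: Rule, pkt: Packet, t: time) -> bool:
    """True when every criterion of the rule matches the packet at time t."""
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport)
            and rule.in_if in (None, pkt.in_if)
            and rule.out_if in (None, pkt.out_if)
            and rule.start <= t <= rule.end)

def decide(pkt: Packet, rules: list[Rule], now: datetime, component: str = "fw-1"):
    """Return (action, audit_record) for one packet."""
    if pkt.source_routed:                                # SF1.3: source routing
        action, event = "drop", "source-routing-option"
    elif (expected_iface(pkt.src) != pkt.in_if
          or expected_iface(pkt.dst) != pkt.out_if):     # SF1.3: spoofed address
        action, event = "drop", "spoofed-address"
    else:
        action, event = "drop", "default-rule"           # SF3.3: everything is dropped
        for index, rule in enumerate(rules):             # first match wins (assumption)
            if matches(rule, pkt, now.time()):
                action, event = rule.action, f"rule-{index}"
                break
    record = {                                           # SF2.2 record fields
        "time": now.isoformat(sep=" "),
        "component": component,
        "subject": pkt.src,
        "event": event,
        "interface": pkt.in_if,
        "direction": "in",
        "action": action,
        "addresses": (pkt.src, pkt.dst),
    }
    if pkt.dport is not None:                            # ports only where the protocol has them
        record["dport"] = pkt.dport
    return action, record
```

Note the ordering: the SF1.3 checks run before rule evaluation, so a packet claiming an internal source on the external interface is dropped even though the second rule would otherwise have rejected it with an error signal back to the sender.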


Korean National Protection Profile for Voice over IP Firewall V1.0 Certification Report KECS-CR-16-36 Korean National Protection Profile for Voice over IP Firewall V1.0 Certification Report Certification No.: KECS-PP-0717-2016 2016. 6. 10 IT Security Certification Center History of Creation

More information

Security Target Microsoft SQL Server Team

Security Target Microsoft SQL Server Team Security Target Microsoft SQL Server Team Author: Roger French Version: 1.27 Date 2008-07-23 File Name: MS_SQL_ST_1.27 Abstract This document is the Security Target (ST) for the Common Criteria evaluation

More information

Blue Coat Systems, Inc. ProxySG v5.3.1.9 running on SG510, SG810, and SG8100. Security Target

Blue Coat Systems, Inc. ProxySG v5.3.1.9 running on SG510, SG810, and SG8100. Security Target Blue Coat Systems, Inc. ProxySG v5.3.1.9 running on SG510, SG810, and SG8100 Security Target Evaluation Assurance Level: EAL 2+ Document Version: 0.7 Prepared for: Prepared by: Blue Coat Systems, Inc.

More information

Red Hat Enterprise Linux 3 (running on specified Dell and Hewlett-Packard hardware) Security Target

Red Hat Enterprise Linux 3 (running on specified Dell and Hewlett-Packard hardware) Security Target Red Hat Enterprise Linux 3 (running on specified Dell and Hewlett-Packard hardware) Security Target Version 1.7 January 2004 Document Control DOCUMENT TITLE Red Hat Enterprise Linux 3 Security Target Version

More information

Joint Interpretation Library

Joint Interpretation Library Document purpose: provide rules to ensure that CC is used for hardware integrated circuits in a manner consistent with today s state of the art hardware Version 3.0 February 2009 Joint Interpretation Library

More information

IBM DB2 Version 10.1 Enterprise Server Edition for Linux, Unix, and Windows (CC Configuration) Security Target

IBM DB2 Version 10.1 Enterprise Server Edition for Linux, Unix, and Windows (CC Configuration) Security Target IBM DB2 Version 10.1 Enterprise Server Edition for Linux, Unix, and Windows (CC Configuration) Security Target Revision 15 September, 2012 Prepared for: IBM Canada, Ltd. 3600 Steeles Avenue East Markham,

More information

SECURITY TARGET FOR CENTRIFY SUITE VERSION 2013.2

SECURITY TARGET FOR CENTRIFY SUITE VERSION 2013.2 SECURITY TARGET FOR CENTRIFY SUITE VERSION 2013.2 Document No. 1769-000-D0007 Version: v0.89, 12 September 2013 Prepared for: Centrify Corporation 785 N. Mary Avenue, Suite 200 Sunnyvale, California USA,

More information

National Information Assurance Partnership

National Information Assurance Partnership National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Protection Profile for Software Full Disk Encryption, Version 1.1 Report Number: CCEVS-VR-PP-0003

More information

Protection Profile for Server Virtualization

Protection Profile for Server Virtualization Protection Profile for Server Virtualization 29 October 2014 Version 1.0 i 0 Preface 0.1 Objectives of Document This document presents the Common Criteria (CC) Protection Profile (PP) to express the fundamental

More information

MINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN CERTIFICATION REPORT

MINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN CERTIFICATION REPORT REF: 2010-15-INF-681 v1 Difusión: Expediente Fecha: 05.07.2011 Creado: CERT2 Revisado: TECNICO Aprobado: JEFEAREA CERTIFICATION REPORT Expediente: 2010-15 Datos del solicitante: 440301192W HUAWEI References:

More information

BSI-DSZ-CC-0678-2011. for. Microsoft Forefront Unified Access Gateway 2010 (CC) Version / Build 4.0.1752.10000. from. Microsoft Corporation

BSI-DSZ-CC-0678-2011. for. Microsoft Forefront Unified Access Gateway 2010 (CC) Version / Build 4.0.1752.10000. from. Microsoft Corporation BSI-DSZ-CC-0678-2011 for Microsoft Forefront Unified Access Gateway 2010 (CC) Version / Build 4.0.1752.10000 from Microsoft Corporation BSI - Bundesamt für Sicherheit in der Informationstechnik, Postfach

More information

Common Criteria for Information Technology Security Evaluation. Part 3: Security assurance components. September 2012. Version 3.

Common Criteria for Information Technology Security Evaluation. Part 3: Security assurance components. September 2012. Version 3. Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components September 2012 Version 3.1 Revision 4 CCMB-2012-09-003 Foreword This version of the Common Criteria

More information

Australasian Information Security Evaluation Program

Australasian Information Security Evaluation Program Australasian Information Security Evaluation Program Certification Report Certificate Number: 2010/71 10 Dec 2010 Version 1.0 Commonwealth of Australia 2010. Reproduction is authorised provided that the

More information

HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target

HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target Version 1.0 February 12, 2014 Prepared for: Hewlett-Packard Long Down Avenue Stoke Gifford Bristol BS34 8QZ UK Prepared By: Leidos

More information